bigRAG
API Reference

Authentication

Secure the bigRAG API with a shared secret token.

bigRAG uses a simple shared secret for API protection.

Setup

Set the BIGRAG_API_SECRET environment variable to require authentication:

BIGRAG_API_SECRET=your-secret-token

If BIGRAG_API_SECRET is not set, the API is open to all requests — no authentication required.

Making Requests

When authentication is enabled, include the secret in the Authorization header:

curl http://localhost:6100/v1/collections \
  -H "Authorization: Bearer your-secret-token"

For SSE endpoints (like document progress), the token can be passed as a query parameter:

curl "http://localhost:6100/v1/collections/docs/documents/DOC_ID/progress?token=your-secret-token"

Error Response

Missing or invalid tokens return HTTP 401:

{
  "detail": "Unauthorized"
}

Health endpoints (/health and /health/ready) do not require authentication and are always accessible.

Security Notes

  • Tokens are compared using constant-time comparison to prevent timing attacks
  • Always use HTTPS in production to protect the token in transit
  • The BIGRAG_API_SECRET is a shared secret — all clients use the same token
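
The rules on this page, sketched in Python as an added example (not bigRAG's own code): open mode when the secret is unset, exempt health paths, Bearer header first, and a constant-time comparison. The function names and the choice to honour ?token= only on paths ending in /progress are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Documented as always accessible without a token.
PUBLIC_PATHS = {"/health", "/health/ready"}
# Assumption: query-string tokens are honoured only on SSE progress URLs.
# URLs are commonly written to access logs, so the fallback is kept narrow.
SSE_SUFFIX = "/progress"


def extract_token(url, headers):
    """Return the presented token, or None if the request carries none."""
    normalized = {k.lower(): v for k, v in headers.items()}
    scheme, _, value = normalized.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return value.strip()
    parts = urlsplit(url)
    if parts.path.endswith(SSE_SUFFIX):
        values = parse_qs(parts.query).get("token")
        if values:
            return values[0]
    return None


def check_request(url, headers, secret):
    """Return 200 (allowed) or 401 (rejected) for one request."""
    if urlsplit(url).path in PUBLIC_PATHS:
        return 200
    if not secret:  # BIGRAG_API_SECRET unset: the API is open
        return 200
    token = extract_token(url, headers)
    if token is None:
        return 401
    # compare_digest takes time independent of where the inputs differ.
    ok = hmac.compare_digest(token.encode(), secret.encode())
    return 200 if ok else 401


if __name__ == "__main__":
    secret = "your-secret-token"  # constructed sample value, as on this page
    bearer = {"Authorization": "Bearer your-secret-token"}
    sse = "/v1/collections/docs/documents/DOC_ID/progress?token=" + secret
    print(check_request("/v1/collections", bearer, secret))
    print(check_request("/v1/collections", {}, secret))
    print(check_request(sse, {}, secret))
```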
